Critical cssnano vulnerabilities
- Laravel Mix Version: 6.0.19 (npm list --depth=0)
- Node Version (node -v): v12.16.2
- NPM Version (npm -v): 7.13.0
Description: Recently I upgraded Laravel Mix to 6.0.19, and when I do a security check it is showing 2 high vulnerabilities. As the vulnerable packages (packages related to the cssnano package) are peer dependencies of Laravel Mix, I cannot update them directly.
When I checked, this https://github.com/JeffreyWay/laravel-mix page is with the latest cssnano,
but when I try to update Laravel Mix it is not getting updated.
Any alternative for this? (My project is dockerized and the pipeline is lined with a security check; due to this I cannot do any further deployments.)
Issue Analytics
- State:
- Created 2 years ago
- Reactions: 5
- Comments: 5
Top GitHub Comments
I’ve been incredibly busy — apologies. I’ve got one thing to take a look at before we can tag a new release to be sure there isn’t a regression. I’ll make a note to take a look at that this weekend.
The browser-sync issue has been fixed. We pulled the types in directly to bypass the chokidar problem. There’s gotta be a better solution though. 😕